Your Business is Your Baby: Don’t Let Anyone Hold It Ransom

By now, you’ve probably heard about the worldwide cyberattack that affected more than 200,000 computers in over 150 countries within a single weekend. The WannaCry ransomware attack targeted computers running on an old version of Microsoft Windows. It encrypted data on unsecured devices and demanded payments via bitcoin.

The virus was identified on Friday, May 12, 2017, by a security researcher who discovered that the virus was calling to an unregistered domain. The researcher then registered the domain in an attempt to monitor the spread of the virus. Little did he know that registering the domain activated a kill switch in the virus that severely minimized its damage.

Since the initial outbreak, we’ve seen multiple new versions of the virus that don’t have this same weakness. This new outbreak is more deadly than the previous version and can only be effectively stopped when everyone updates their systems with versions that don’t have the exploited flaw.

This type of attack is not new. The model is, unfortunately, as old as traditional kidnapping. The creators of these viruses hold your data or computer hostage until you pay a specified ransom. Only then will you once again have access to your information. When these viruses infect computers, they will typically freeze your ability to open or run any program or file and show you a screen that declares your files have been encrypted and you must pay to unencrypt them. For added drama, some even come equipped with a doomsday clock that counts down until your data is permanently deleted.

Most people equate these viral digital infections with phishing scams that require a user’s participation – by clicking a link they shouldn’t or opening an email that was best left alone – but ransomware attacks are not scams. They sneak into your system and steal information. They don’t wait for your permission.

You’re right to be scared of these infections. They can be damning to your business. You can’t predict when they’ll strike, what they’ll take or what you’ll have to do to get your data back. You aren’t completely helpless, though. There are three ways you can actively work to prevent these attacks or at least mitigate the aftermath before they take control of your data.

Upgrade your software.

We cannot stress this enough. The WannaCry attack affected so many people because of a vulnerability within an old version of the Microsoft software. Microsoft released a patch in March of this year to remove that vulnerability, but that didn’t help the people who hadn’t yet updated their systems. We know that upgrades take a lot of time, are tedious and can make your life more difficult in the short term, but they are also essential to maintaining your business’ cybersecurity.

Invest in cybersecurity.

Speaking of cybersecurity… invest in a cybersecurity program or company with real-time protection to stop any attempts at breaking through your security. If you can find one that specifically looks for and protects against ransomware, all the better.

Backup your data often.

Paying a ransomware attacker the money they ask for isn’t a guarantee you’ll get your data back. Backups are a pain, but they can also be your saving grace after an attack, natural disaster or system crash.

Data breaches, phishing scams and ransomware attacks are becoming all too commonplace. Protect your business and your clients by investing in security software or company, training your employees on how to recognize an attack and creating a security protocol that dictates a chain of command in the event of an attack on your business.